ipf over bridge strange problem.

fz at frontier.fr fz at frontier.fr
Thu Jul 1 07:43:18 PDT 2004


Hi,

For technical (and especially customer) reasons, I set up a firewalling solution based on FreeBSD 4.x (kernel compiled with the BRIDGE option) and ipf.

Nothing else in particular. You'll find other configuration details at the end of this post (dmesg and more).

Now, the problem. Randomly, ipf starts to reject incoming connections that should be OK (as written in the rules file).

If I reload ipf, things become nice again.

I am really lost with this...

Any help would be appreciated.

The interfaces are Intel cards using fxp or em drivers.

/var/run/dmesg.boot:

Copyright (c) 1992-2003 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 4.9-STABLE #0: Tue Dec 16 11:22:07 GMT 2003
    noc at fhost.frontier.fr:/usr/src/sys/compile/GETSEC
Timecounter "i8254"  frequency 1193182 Hz
CPU: AMD Duron(tm) processor (1300.06-MHz 686-class CPU)
  Origin = "AuthenticAMD"  Id = 0x671  Stepping = 1
  Features=0x383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
  AMD Features=0xc0400000<AMIE,DSP,3DNow!>
real memory  = 259981312 (253888K bytes)
avail memory = 247152640 (241360K bytes)
Preloaded elf kernel "kernel" at 0xc05a9000.
Pentium Pro MTRR support enabled
md0: Malloc disk
Using $PIR table, 6 entries at 0xc00fdc10
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
agp0: <VIA Generic host to PCI bridge> mem 0xd0000000-0xd3ffffff at device 0.0 on pci0
pcib1: <PCI to PCI bridge (vendor=1106 device=b112)> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
pci1: <Trident model 8500 VGA-compatible display device> at 0.0 irq 12
isab0: <VIA 82C686 PCI-ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <VIA 82C686 ATA100 controller> port 0xc000-0xc00f at device 7.1 on pci0
atapci0: Correcting VIA config for southbridge data corruption bug
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
uhci0: <VIA 83C572 USB controller> port 0xc400-0xc41f irq 11 at device 7.2 on pci0
usb0: <VIA 83C572 USB controller> on uhci0
usb0: USB revision 1.0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1: <VIA 83C572 USB controller> port 0xc800-0xc81f irq 11 at device 7.3 on pci0
usb1: <VIA 83C572 USB controller> on uhci1
usb1: USB revision 1.0
uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
pci0: <unknown card> (vendor=0x1106, dev=0x3057) at 7.4
hip0: <VIA 82C686 AC97 Audio> port 0xd400-0xd403,0xd000-0xd003,0xcc00-0xccff irq 5 at device 7.5 on pci0
fxp0: <Intel 82558 Pro/100 Ethernet> port 0xdc00-0xdc1f mem 0xd8000000-0xd80fffff,0xd8201000-0xd8201fff irq 12 at device 8.0 on pci0
fxp0: Ethernet address 00:08:c7:ba:c7:4e
inphy0: <i82555 10/100 media interface> on miibus0
inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp1: <Intel 82557 Pro/100 Ethernet> port 0xe000-0xe01f mem 0xd8100000-0xd81fffff,0xd8200000-0xd8200fff irq 10 at device 9.0 on pci0
fxp1: Ethernet address 00:60:b0:57:28:56
inphy1: <i82555 10/100 media interface> on miibus1
inphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
dc0: <ADMtek AN985 10/100BaseTX> port 0xe400-0xe4ff mem 0xd8202000-0xd82023ff irq 11 at device 15.0 on pci0
dc0: Ethernet address: 00:10:dc:a4:77:e6
miibus2: <MII bus> on dc0
ukphy0: <Generic IEEE 802.3u media interface> on miibus2
ukphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
orm0: <Option ROMs> at iomem 0xc0000-0xcbfff,0xcc000-0xdbfff on isa0
pmtimer0 on isa0
fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1: configured irq 3 not in bitmap of probed irqs 0
ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
ppc0: Generic chipset (EPP/NIBBLE) in COMPATIBLE mode
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
DUMMYNET initialized (011031)
IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to accept, logging limited to 100 packets/entry by default
BRIDGE 020214 loaded
IPsec: Initialized Security Association Processing.
IP Filter: v3.4.31 initialized.  Default = pass all, Logging = enabled
ad0: 39205MB <Maxtor 6E040L0> [79656/16/63] at ata0-master UDMA100


